Another breach where the numbers have grown far beyond the initial estimate. My initial post on Nov. 28 quoted, “nearly 5 million parents and more than 200,000 children.”
6.4m kids - Vtech hack in numbers
Children's toy company Vtech announced it was
hacked last week - with millions of children's accounts accessed.
The stolen data includes names and addresses, as
well as, reportedly, pictures and chat logs.
Vtech says it is still investigating the full extent of the hack.
On Tuesday, the company shared more information
about the breach.
It admitted: "Our database was not as secure
as it should have been."
Here's what we now know:
6,368,509 children's accounts affected
4,854,209 parental accounts accessed
Countries most affected:
- USA (2,894,091 children)
- France (1,173,497)
- UK (727,155)
In total, 16 "countries"
are affected - Vtech lists Latin America as a single country, so the
actual number is unclear.
If someone is pretending to be China, should we
expect the Chinese to track them down and stomp on them? Would the
US do that?
Chris Uhlmann reports:
China is being blamed for a major cyber attack on the computers at the Bureau of Meteorology, which has compromised sensitive systems across the Federal Government.
Multiple official sources have confirmed the recent attack, and the ABC has been told it will cost millions of dollars to plug the security breach, as other agencies have also been affected.
The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies.
China denies any involvement in the attack:
“As we have reiterated on many occasions, the Chinese government is opposed to all forms of cyber attacks,” Chinese foreign ministry spokeswoman Hua Chunying said.
Read more on ABC (AU).
(Related) Something for my Computer Security
students to ponder.
Chased by the Dragon: Containment is the New Detection
... Visiongain
estimates today’s cybersecurity market to be worth $75B worldwide
and Gartner estimates it will grow to $100B+ by 2018, a CAGR of
roughly 10 percent. Contrast that with overall IT spending, which is
crawling along with an annual growth rate in the low single digits.
… Perhaps the singular focus on detecting cyber incursions is not the answer. Perhaps a coequal focus on containing attacks after they occur is equally as important.
If we have learned one thing in the past few years, it is that relying exclusively
on detection technologies such as IDS and APT will cause significant
problems. We must also look at how attacks spread laterally and
remain active over extended periods of time, especially in data
center and cloud environments. It is now time to prioritize
visibility and containment, augmenting the priority of looking for
suspicious and anomalous communications to the attack surface.
… A recent SANS Institute survey, The State of Dynamic Data Center and Cloud Security in the Modern Enterprise Survey and Research Report, underscores that most IT professionals
are unhappy with the level of visibility and containment provided by
the traditional tools they use to monitor traffic between data
centers and internal or external clouds. Nowhere is this more
evident than in the time these technologies take to stop and contain
breaches: fewer than 50% of breaches are detected and contained
within 24 hours.
It is hard to explain technology to juries, particularly when lawyers try to do it.
Molly Willms reports on a case before the U.S. Supreme Court that touches on “exceeding authorized access” under CFAA:
The confusion that plagued a jury in a computer hacking trial has followed the case all the way to the U.S. Supreme Court, where hypotheticals and technical questions abounded during oral argument Monday.
Michael Musacchio was convicted in May 2013 of one felony count of conspiracy to make unauthorized access to a protected computer and two felony counts of hacking. He was sentenced to 63 months in prison.
[…]
The jury in Musacchio’s case received the erroneous instruction that it had to find proof that he had accessed a private computer without authorization and exceeded his authorized access, according to the Fifth Circuit ruling. The jury found him guilty on all three counts, after which he claimed that the government failed to prove both elements of the charge as it was explained to the jury.
Read more on Courthouse News. The transcript of yesterday’s oral argument can be found here (pdf).
As if Greece didn't have enough problems.
Ashley Carman reports:
Three unnamed Greek banks are the most recent victims of an extortion campaign in which a hacker group is attempting to fully take down their websites. The group, calling itself the Armada Collective, apparently made its first demand on Thursday of last week, at which point it also launched the first of its distributed denial-of-service (DDoS) attacks. Those attacks succeeded in disrupting transactions at every bank, the Financial Times reported. DDoS attacks overload websites’ servers in an effort to take them fully offline, and the Armada Collective has a set price to stop its efforts: each bank must pay 20,000 Bitcoin, or $7,208,200. The financial institutions aren’t bending under pressure, however, and are instead strengthening their DDoS defenses. Greece’s central bank and its police electronic crime unit are also monitoring the banks’ computer systems.
Read more on The Verge.
Something
for my Computer Security students to debate. I include this because
I don't agree with all of his points.
The Moral Character of Cryptographic Work
by Sabrina I. Pacifici on Dec 1, 2015
The Moral Character of Cryptographic Work, Phillip Rogaway, Department of Computer Science, University of California, Davis, USA. December 1, 2015
“Cryptography rearranges power: it configures who can do what, from what. This
makes cryptography an inherently political tool, and it confers on
the field an intrinsically moral dimension. The Snowden
revelations motivate a reassessment of the political and moral
positioning of cryptography. They lead one to ask if our inability
to effectively address mass surveillance constitutes a failure of our
field. I believe that it does. I call for a community-wide effort
to develop more effective means to resist mass surveillance. I plea
for a reinvention of our disciplinary culture to attend not only to
puzzles and math, but, also, to the societal implications of our
work.”
Advanced research on potential Ad targets?
Google Deceptively Tracks Students’ Internet Browsing, EFF Says in FTC Complaint
San Francisco—The Electronic Frontier Foundation
(EFF) filed a complaint
today with the Federal Trade Commission (FTC) against Google for
collecting and data mining school children’s personal information,
including their Internet searches—a practice EFF uncovered while
researching its “Spying
on Students” campaign, which launched today.
… Google’s practices fly in the face of
commitments made when it signed the Student
Privacy Pledge, a legally enforceable document whereby companies
promise to refrain from collecting, using, or sharing students’
personal information except when needed for legitimate educational
purposes or if parents provide permission.
Would it be worth creating a false phone “trail”? Probably not. But automating the process will reduce cost.
Lending Startups Look at Borrowers’ Phone Usage to Assess Creditworthiness
A handful of Silicon Valley-backed startups are
looking to revolutionize lending in the developing world, where banks
are scarce and many would-be borrowers have no credit history.
Their strategy: Show me your smartphone, and my
app will find out how creditworthy you are.
Smartphones can dramatically reduce the cost of
lending, experts say, because the apps they run generate huge amounts
of data—texts, emails, GPS coordinates, social-media posts, retail
receipts, and so on—indicating thousands of subtle patterns of
behavior that correlate with repayment or default.
… The
loans average $30, enough for a taxi driver to pay for gas
or a fruit seller to stock up on produce. Branch charges between 6%
and 12% interest—based on the borrower’s creditworthiness—and
loans are usually repaid between three weeks and six months later.
We're thinking of a 3D printer class. Could be
fun!
Gartner Predicts 2016: 3D Printing Disrupts Healthcare and Manufacturing
Strategic Planning Assumption: By
2019, 10% of people in the developed world will be living with
3D-printed items that are on or in their bodies.
Strategic Planning Assumption: By
2019, 3D printing will be a critical tool in over 35% of surgical
procedures requiring prosthetic and implant devices (including
synthetic organs) placed inside and around the body.
Strategic Planning Assumption: By
2019, technological and material innovation will result in 10% of
counterfeit drugs and pharmaceuticals being produced with 3D
printers.
Strategic Planning Assumption: By
2019, 10% of all discrete manufacturers will be using 3D printers to
produce parts for the products they sell or service.
Are you ready for any of these? Infographic.
Have The Coolest Home On The Block With These Gadgets
A number of interesting graphs to share with my
Statistics students. I really like the “CORRELATION vs. CAUSATION”
graph. Might be fun to try a few myself.
Our Favorite Examples Of How The Internet Talks
About two weeks ago, we published our Reddit
Ngram interactive — a tool that lets you search for any term to
see how frequently it has been used in Reddit comments since late
2007. And readers (plus a few FiveThirtyEighters) have been sharing
some interesting findings, especially on Twitter and, of course,
Reddit. Below are some of our favorites so far.
Perspective.
New
statistics from the Centers for Disease Control and Prevention
(CDC) released Tuesday found 47 percent of homes only use cellphones
and do not have a landline phone.
That is about 5 percentage points higher than
homes that use both wireless and landline phones, which still
represent 41 percent of households.
… Pollsters are most likely to see
wireless-only homes among individuals aged 24-34, where 68 percent to
71 percent only use cellphones. About 85 percent of adults living
with nonrelated roommates live in a cellphone-only house. Renters
are also far more likely than homeowners to only use cellphones.
The CDC has asked the telephone question since
2003 to help it along with health-related survey research.
For all my students, Computer Security in
particular.
5 Best Free Internet Security Suites for Windows
As a Windows user, you have three possible paths
when it comes to system security: use the built-in Windows Defender,
install third-party
security software, or ignore security altogether (the last option
isn’t possible on Home versions of Windows
10). The path you take is crucial.
In our piece on important
facts about Windows Defender, we noted that Windows Defender is
good enough for most users — but do you really want to settle for
“good enough” when your security is at stake? Seems like an
unnecessary risk to take…
So here are five of the best free security suites
for Windows, all of which offer anti-virus, anti-malware, and
real-time protection features. Some of these lack firewall
functionality, but you can always supplement with a free
third-party Windows firewall.
Something for all of our business students.
(Remember to “tip” your professor with 1% of your founder's stock.)
Free eBook: ‘Startup Best Practices from 15 Serial Entrepreneurs’
… Today, we have a free eBook called “Startup
Best Practices from 15 Serial Entrepreneurs” that will teach you
about starting a business from the past experiences of the people who
have seen it all.
… To redeem your copy and download the free
eBook, just head over to this
page and sign up for a free account. The process will
take just a few seconds, and then you will be sent an email with a
link to download a free copy.
Handy for my niece who is doing a semester abroad
in Chile.
How to Make Free Calls to Any U.S. Number From Anywhere
Turn to Google Voice. Whether you’re in Brazil or
Ireland, all you need is an account in order to make free calls to
the United States and Canada. The most common method is to call
through the PC
app, but calls can also be made with both the Google
Voice and Google
Hangouts apps on Android.
As of now, Google calls are limited to 3 hours in
duration, but there aren’t any restrictions on how many times you
can redial the same number.
… You can try these free
apps for calling to the U.S. as well.
Another tool for students.
GrammarFlip - Online Grammar Lessons for Students
GrammarFlip
is a free service that offers an extensive set of grammar lessons.
The basic format of the lessons in GrammarFlip is a video and
slideshow followed by a couple of review exercises. The content of
the video is based on the slideshow. The video in the lesson is
essentially a narration of the slides. The review exercises in
GrammarFlip lessons are a mix of multiple choice questions and
fill-in-the-blank questions.
Teachers can register on GrammarFlip
and create online classrooms. Once you have created a classroom on
GrammarFlip students can join it by entering an access code that you
assign to the room. Within your GrammarFlip classroom you can
distribute lessons and track your students' progress on the lessons
that you have assigned to them.
For my next batch of IT Governance students.
Corporate Governance in the Age of Cyber Risks
Handy!
How to Quickly Find Your Lost Mouse Cursor on Every OS
… For Windows users: Search
for Mouse in the Start menu, and switch to the
Pointer Options tab. At the bottom, check the box
for Show the location of the pointer when I press the Ctrl
key. Now, anytime you can’t find your cursor, just tap
either Ctrl key and a ring will pulse around your
cursor to help you find it.